Use the Exchange
Administration Delegation Wizard to set permissions on
organizations and administrative groups, and thus control access to
the Exchange objects contained within the organization or
administrative group. You can also set permissions on some Exchange
objects individually. These objects include public folder trees,
address lists, MDBs, protocols, and servers. For these objects, you
can use the Access Control Settings dialog box to set
Extended permissions are permissions that Exchange adds to the
standard Active Directory permissions. Use this dialog box to
specify the type of auditing
you want on the object. When looking at an object's advanced
permissions, the Active Directory permissions are listed first,
followed by the Exchange extended permissions.
To set advanced permissions on a public folder tree, address
list, MDB, protocol, or server:
On the Start menu, point to
Programs, point to Microsoft Exchange, and then click
Navigate to the object.
Right-click the object, and then click Properties.
Click the Security tab, and then click
In the Access Control Settings for object name
dialog box that appears, on the Permissions tab, set
permissions for a user, computer, or group. These permissions
include the standard Active Directory permissions and any Exchange
extended permissions that apply to the object.
On the Permissions tab, in Name, select a user,
computer, or group for which you want to set permissions. If you do
not see the user, computer, or group in Name:
Click Add, and then in Select User, Computers, or
Groups, select the user, computer, or group in Name, and
then click Add again.
- OR -
Type the names of the users, computers, or groups in the text
box, separated by semicolons.
In Permissions, select Allow or Deny for
each type of permission.
If you want the object to inherit permissions from the
organization, administrative group, or routing group that contains
it, select the Allow inheritable permissions from parent to
propagate to this object check box, or click to clear the check
box if you do not want permissions inherited. By default, the check
box is selected.
To remove a user, computer, or group from the Name,
select the user, computer, or group, and then click
To modify the list of permissions for the user, computer, or
group selected, under Permission Entries, click
View/Edit, and then select Allow or Deny for
each type of permission.
To change the owner of the object for which you are setting
permission, on the Owner tab, select a name in the Change
owner to list. Only administrators of the domain containing the
object or administrators of trusted domains appear in the
To audit use of the object, on the Auditing tab, click
Add to add a user, computer or group whose use of the object
will be audited.
To select the type of auditing that will be performed, click
View/Edit. In the Auditing Entry for object
name dialog box that appears, in Access, choose to
audit the success and failure of different types of access
To select how to apply auditing, in the Auditing Entry for
object name dialog box, in Apply onto, select
this object only, or this object and the objects it contains, or
one of several other options.